Refactor lmn_vpn role

- Separate `lmn_vpn` from `lmn_teacherlaptop`.
- Implement a check for the availability of the wireguard-server during the wg-config rollout.
- Enhance variable support with a standardized naming schema:
  - VPN selection via `vpn` variable (`none`, `wg`).
  - Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath).
- Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts
  to determine the next free Wireguard IP on the server when role try to Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `vpn` variable is set.
- Provide documentation for `lmn_vpn` module.

roles/lmn_teacherlaptop/tasks/main.yml

@@ -3,7 +3,6 @@
   ansible.builtin.apt:
     name:
       - plasma-discover
-      - wireguard
       - nextcloud-desktop
       - dolphin-nextcloud
         # - krb5-auth-dialog
@@ -18,24 +17,6 @@
     - lmn-packagekit.rules
     - lmn-networkmanager.rules
 
-- name: Copy mountserver script to /usr/local/bin
-  ansible.builtin.copy:
-    src: mountserver
-    dest: /usr/local/bin/
-    mode: "0755"
-
-- name: Copy NetworkManager dispatcher-script (10-lmn-mount.sh)
-  ansible.builtin.copy:
-    src: 10-lmn-mount.sh
-    dest: /etc/NetworkManager/dispatcher.d/
-    mode: "0755"
-
-- name: Create link to dispatcher-script (10-lmn-mount.sh)
-  ansible.builtin.file:
-    src: ../10-lmn-mount.sh
-    dest: /etc/NetworkManager/dispatcher.d/pre-down.d/10-lmn-mount.sh
-    state: link
-
 - name: Deploy sudo configurations (apt for role-teacher)
   ansible.builtin.copy:
     dest: /etc/sudoers.d/90-lmn-teacherlaptop
@@ -45,10 +26,3 @@
     content: |
       %role-teacher ALL=(root) NOPASSWD: /usr/bin/apt
       %role-teacher ALL=(root) NOPASSWD: /usr/sbin/cryptsetup
-      %role-teacher ALL=(root) NOPASSWD: /usr/local/bin/mountserver
-
-- name: Configure Wireguard
-  ansible.builtin.include_tasks: wg_config.yml
-  tags:
-    - never
-    - wgconfig